This repository was archived by the owner on Sep 24, 2018. It is now read-only.

Querying comments by post_slug is protected #1979

@patrickgalbraith

Why does querying comments by post_slug require authentication but by post_id it doesn't?

This is causing me issues for something I am building since I cannot request the post and the comments in parallel since I don't know the post's ID from the URL. So I have to wait for the post request to finish before requesting the comments. I can't see any reason why most of those arguments are protected (see code below).

```php
$prepared_args = array(
  'number'  => $request['per_page'],
  'post_id' => $request['post'] ? $request['post'] : '', // <--- Not authenticated
  'parent'  => isset( $request['parent'] ) ? $request['parent'] : '',
  'search'  => $request['search'],
  'orderby' => $this->normalize_query_param( $order_by ),
  'order'   => $request['order'],
  'status'  => 'approve',
  'type'    => 'comment',
);

$prepared_args['offset'] = $prepared_args['number'] * ( absint( $request['page'] ) - 1 );

if ( current_user_can( 'edit_posts' ) ) {
  $protected_args = array(
    'user'         => $request['user'] ? $request['user'] : '',
    'status'       => $request['status'],
    'type'         => isset( $request['type'] ) ? $request['type'] : '',
    'author_email' => isset( $request['author_email'] ) ? $request['author_email'] : '',
    'karma'        => isset( $request['karma'] ) ? $request['karma'] : '',
    'post_author'  => isset( $request['post_author'] ) ? $request['post_author'] : '',
    'post_name'    => isset( $request['post_slug'] ) ? $request['post_slug'] : '', // <--- Authenticated :(
    'post_parent'  => isset( $request['post_parent'] ) ? $request['post_parent'] : '',
    'post_status'  => isset( $request['post_status'] ) ? $request['post_status'] : '',
    'post_type'    => isset( $request['post_type'] ) ? $request['post_type'] : '',
  );

  $prepared_args = array_merge( $prepared_args, $protected_args );
}
```

On another note, the comments `_embedded` in the post also can't be ordered, which is a pain since I am showing the comments in asc order and the API doesn't take into account the discussion settings in WordPress. This means I need to do additional API requests for the comments.
